Cluster that can do everything/LDAP or NIS

From Teknologisk videncenter

NIS, or Network Information Service, is a simple - and insecure - way of providing single sign-on in a cluster of UNIX/Linux machines. It is very useful in a closed network.

NIS was originally called YP - Yellow Pages - and both acronyms, YP and NIS, are in use.

There are up to three roles in a NIS installation:

Master server
Shares files with slaves and clients, for example the passwd and group files.
Slave server(s)
Maintain copies of the master server's shared files and provide redundancy and load balancing.
Clients
Use the shared files - for example for single sign on. Users added on the master server

Installation of the master server

Add the following line to /etc/hosts.allow. (In this case the master, slaves and clients all live in the 10.222.0.0/24 network.)

portmap ypserv ypbind: 10.222.0.0/255.255.255.0

Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name, but a unique name for the cluster of machines sharing the same information. (I use the DNS domain name - one less thing to remember)

apt-get install portmap nis
  • Edit /etc/default/nis and set the NISSERVER line to NISSERVER=master
  • Edit /etc/yp.conf and add a server line of the following form (note that my domain name is c1.local):
domain c1.local server 127.0.0.1
  • Edit /etc/ypserv.securenets: remove the 0.0.0.0 line, which is insecure, and add your own network(s)
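
To check the result of the last step, the following added example (not part of the original page) parses a ypserv.securenets file in its "netmask network" / "host address" line format and reports a leftover 0.0.0.0 entry or a cluster network that no rule covers. The function names and both sample files are constructed for illustration; 10.222.0.0/24 is the network used on this page.

```python
import ipaddress

# Constructed sample files (not taken from a real host).
SAMPLE_OPEN = """\
# netmask        network
0.0.0.0          0.0.0.0
255.0.0.0        127.0.0.0
255.255.255.0    10.222.0.0
"""
SAMPLE_FIXED = """\
host             127.0.0.1
255.255.255.0    10.222.0.0
"""

def parse_securenets(text):
    """Return [(line number, IPv4Network)] for each rule in the file."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields: {raw!r}")
        if fields[0] == "host":
            net = ipaddress.ip_network(fields[1] + "/32")
        else:
            netmask, network = fields
            # Raises ValueError if the network has bits outside the mask.
            net = ipaddress.ip_network(f"{network}/{netmask}")
        rules.append((lineno, net))
    return rules

def audit(text, cluster_nets):
    """List problems: world-open rules and cluster networks left uncovered."""
    rules = parse_securenets(text)
    findings = [f"line {n}: {net} lets any host query the maps"
                for n, net in rules if net.prefixlen == 0]
    for wanted in map(ipaddress.ip_network, cluster_nets):
        # Ignore the 0.0.0.0 rule here: it is due to be removed.
        if not any(wanted.subnet_of(net) for _, net in rules if net.prefixlen):
            findings.append(f"{wanted} is not covered by any rule")
    return findings

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("fixed", SAMPLE_FIXED)):
        print(name, audit(text, ["10.222.0.0/24"]))
```

On the master, pass the contents of /etc/ypserv.securenets to audit() after editing; an empty list means the open rule is gone and the cluster network is still allowed.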

Adding a user

After adding a user with adduser, it is necessary to rebuild the NIS maps:

root@head:~# make -C /var/yp
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'